SECURITY: fix branch name persistent XSS

Reported by Carl Hattenfels.
author: Unknwon <u@gogs.io> 2017-10-15 00:07:46 -0400
committer: Unknwon <u@gogs.io> 2017-10-15 00:07:46 -0400
commit: b727e0be71647c72124d64108c913e4a5bec156b (patch)
tree: 5d957a700134e4b65c92fc6a43a89f2709d289f7 /templates/repo/issue
parent: ea313d0c1e6e467273bcd44fb1d42ff8e9045454 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
index 3f3b62e6..4650ba4c 100644
--- a/templates/repo/issue/view_title.tmpl
+++ b/templates/repo/issue/view_title.tmpl
@@ -28,7 +28,7 @@
 		{{if .Issue.PullRequest.HasMerged}}
 			{{ $mergedStr:= TimeSince .Issue.PullRequest.Merged $.Lang }}
 			<a {{if gt .Issue.PullRequest.Merger.ID 0}}href="{{.Issue.PullRequest.Merger.HomeLink}}"{{end}}>{{.Issue.PullRequest.Merger.Name}}</a>
-			<span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Safe}}</span>
+			<span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}</span>
 		{{else}}
 			<a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.Name}}</a>
 			<span class="pull-desc">{{$.i18n.Tr "repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}}</span>
author	Unknwon <u@gogs.io>	2017-10-15 00:07:46 -0400
committer	Unknwon <u@gogs.io>	2017-10-15 00:07:46 -0400
commit	b727e0be71647c72124d64108c913e4a5bec156b (patch)
tree	5d957a700134e4b65c92fc6a43a89f2709d289f7 /templates/repo/issue
parent	ea313d0c1e6e467273bcd44fb1d42ff8e9045454 (diff)